<html>
<head><meta charset="utf-8"><title>Suggesting UB workarounds to crate authors · t-lang/wg-unsafe-code-guidelines · Zulip Chat Archive</title></head>
<h2>Stream: <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/index.html">t-lang/wg-unsafe-code-guidelines</a></h2>
<h3>Topic: <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting.20UB.20workarounds.20to.20crate.20authors.html">Suggesting UB workarounds to crate authors</a></h3>

<hr>

<base href="https://rust-lang.zulipchat.com">

<head><link href="https://rust-lang.github.io/zulip_archive/style.css" rel="stylesheet"></head>

<a name="178489813"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting%20UB%20workarounds%20to%20crate%20authors/near/178489813" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Dylan MacKenzie (ecstatic-morse) <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting.20UB.20workarounds.20to.20crate.20authors.html#178489813">(Oct 18 2019 at 16:25)</a>:</h4>
<p>There's a crate that <a href="https://github.com/ogoffart/vptr/issues/1#issue-508941503" target="_blank" title="https://github.com/ogoffart/vptr/issues/1#issue-508941503">tries to implement</a> <code>memoffset</code> inside a <code>static</code>. As noted in that issue, there is currently no blessed way to do this inside a <code>const</code> context. </p>
<p>Unfortunately, the author used <code>0</code> as the address for the fake reference, which is no longer allowed by MIRI and won't compile on the new beta. The obvious (still UB) workaround for this is to use a non-zero <code>usize</code> as the address. I'm guessing the crate author will figure this out themselves. However, my question is whether should someone suggest this in a highly visible forum (like the linked github issue)? It may give the impression that this approach is officially sanctioned when it's not.</p>
<p>The other question is whether this deserves a CVE. There's a <a href="https://www.cvedetails.com/cve/CVE-2019-15553/" target="_blank" title="https://www.cvedetails.com/cve/CVE-2019-15553/">similar one</a> for <code>memoffset</code>.</p>



<a name="178491153"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting%20UB%20workarounds%20to%20crate%20authors/near/178491153" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting.20UB.20workarounds.20to.20crate.20authors.html#178491153">(Oct 18 2019 at 16:43)</a>:</h4>
<blockquote>
<p>The other question is whether this deserves a CVE. There's a similar one for memoffset.</p>
</blockquote>
<p>cc <span class="user-mention" data-user-id="127617">@Shnatsel</span>  ^^</p>



<a name="178508929"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting%20UB%20workarounds%20to%20crate%20authors/near/178508929" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting.20UB.20workarounds.20to.20crate.20authors.html#178508929">(Oct 18 2019 at 20:39)</a>:</h4>
<p>In a nutshell: if that can cause an out-of-bounds read or write, or read uninitialized memory, or read/write memory that's been freed, open a CVE. Otherwise, don't.<br>
I don't think a null reference observed by const evaluator would be exploitable. Maybe it can set off some chain of events that may lead up to one of the above - if that's the case, file a CVE; otherwise, don't.</p>



<a name="178510845"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting%20UB%20workarounds%20to%20crate%20authors/near/178510845" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Dylan MacKenzie (ecstatic-morse) <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting.20UB.20workarounds.20to.20crate.20authors.html#178510845">(Oct 18 2019 at 21:08)</a>:</h4>
<p>My guess is that it cannot, but I'm no good at exploits. Thanks <span class="user-mention silent" data-user-id="127617">Shnatsel</span> .</p>



<a name="178536862"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting%20UB%20workarounds%20to%20crate%20authors/near/178536862" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting.20UB.20workarounds.20to.20crate.20authors.html#178536862">(Oct 19 2019 at 09:00)</a>:</h4>
<blockquote>
<p>As noted in that issue, there is currently no blessed way to do this inside a const context. </p>
</blockquote>
<p>there's no blessed way to do this <em>at all</em>, in any context</p>



<a name="178536866"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting%20UB%20workarounds%20to%20crate%20authors/near/178536866" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting.20UB.20workarounds.20to.20crate.20authors.html#178536866">(Oct 19 2019 at 09:00)</a>:</h4>
<p>what <code>memoffset</code> does is not blessed</p>



<a name="178536869"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting%20UB%20workarounds%20to%20crate%20authors/near/178536869" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting.20UB.20workarounds.20to.20crate.20authors.html#178536869">(Oct 19 2019 at 09:00)</a>:</h4>
<p>it's just less un-blessed than the const "solutions" :D</p>



<a name="178536898"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting%20UB%20workarounds%20to%20crate%20authors/near/178536898" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting.20UB.20workarounds.20to.20crate.20authors.html#178536898">(Oct 19 2019 at 09:01)</a>:</h4>
<p><span class="user-mention" data-user-id="127617">@Shnatsel</span> this is UB only in const context, I think. There's no way this can leak into run-time UB with the current compiler. The result of const-context UB is either (a) it does what the programmer expected [the UB was not detected] or (b) compilation aborts.</p>



<a name="178536902"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting%20UB%20workarounds%20to%20crate%20authors/near/178536902" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting.20UB.20workarounds.20to.20crate.20authors.html#178536902">(Oct 19 2019 at 09:01)</a>:</h4>
<p>so I don't think this needs any kind of advisory, TBH</p>



<a name="178536947"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting%20UB%20workarounds%20to%20crate%20authors/near/178536947" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting.20UB.20workarounds.20to.20crate.20authors.html#178536947">(Oct 19 2019 at 09:02)</a>:</h4>
<p>so, basically what you said :)</p>



<a name="178536998"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting%20UB%20workarounds%20to%20crate%20authors/near/178536998" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting.20UB.20workarounds.20to.20crate.20authors.html#178536998">(Oct 19 2019 at 09:04)</a>:</h4>
<p>the <code>memoffset</code> CVE was IMO an overreaction; there's no known case of a program actually having any bad behavior due to this. sure, safe code <em>could</em> have caused drop-of-uninit-data with the API, but AFAIK the bar for a CVE isn't "the API is unsound", is it? Then every C library in existence would need a CVE as there is no such thing as a sound C API :D</p>



<a name="178537055"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting%20UB%20workarounds%20to%20crate%20authors/near/178537055" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting.20UB.20workarounds.20to.20crate.20authors.html#178537055">(Oct 19 2019 at 09:04)</a>:</h4>
<p>to come back to <span class="user-mention" data-user-id="118594">@ecstatic-morse</span>'s question, I personally fairly freely share such alternative hacks, always with a big disclaimer that thy are wrong and bad hacks. I am pretty sure I posted the one for const-context <code>offsetof</code> on IRLO somewhere, let me check.</p>



<a name="178537071"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting%20UB%20workarounds%20to%20crate%20authors/near/178537071" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting.20UB.20workarounds.20to.20crate.20authors.html#178537071">(Oct 19 2019 at 09:05)</a>:</h4>
<p><a href="https://internals.rust-lang.org/t/pre-rfc-add-a-new-offset-of-macro-to-core-mem/9273/83?u=ralfjung" target="_blank" title="https://internals.rust-lang.org/t/pre-rfc-add-a-new-offset-of-macro-to-core-mem/9273/83?u=ralfjung">Here it is</a></p>



<a name="178537072"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting%20UB%20workarounds%20to%20crate%20authors/near/178537072" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting.20UB.20workarounds.20to.20crate.20authors.html#178537072">(Oct 19 2019 at 09:06)</a>:</h4>
<p><span class="user-mention" data-user-id="118594">@ecstatic-morse</span> for future reference, there is also <a href="https://github.com/RustSec/advisory-db" target="_blank" title="https://github.com/RustSec/advisory-db">https://github.com/RustSec/advisory-db</a> which is Rust-specific but machine-readable. There is also <code>cargo-audit</code> that lets you audit your crate's dependencies against that database. This is complementary to CVE, usually with faster turnaround</p>



<a name="178537119"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting%20UB%20workarounds%20to%20crate%20authors/near/178537119" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting.20UB.20workarounds.20to.20crate.20authors.html#178537119">(Oct 19 2019 at 09:06)</a>:</h4>
<p>notice however that replacing the 0 by a 1 will <em>not</em> actually make the example work -- and also the code I posted there doesn't work with current rustc betas.  There isn't just no blessed way of doing this in const context right now, I literally do not know of a way to do it.</p>



<a name="178537221"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting%20UB%20workarounds%20to%20crate%20authors/near/178537221" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting.20UB.20workarounds.20to.20crate.20authors.html#178537221">(Oct 19 2019 at 09:09)</a>:</h4>
<p>"The API is unsound" could be a reason for CVE. It's just that Rust encodes the invariants in the type system while C relies on documentation. If there is something specifically blessed by documentation for C function and it causes a memory error, then it's a reason to open a CVE.</p>



<a name="178537281"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting%20UB%20workarounds%20to%20crate%20authors/near/178537281" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> centril <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting.20UB.20workarounds.20to.20crate.20authors.html#178537281">(Oct 19 2019 at 09:11)</a>:</h4>
<blockquote>
<p>Then every C library in existence would need a CVE as there is no such thing as a sound C API :D</p>
</blockquote>
<p>You know, there's a reason we're not using C <span aria-label="slight smile" class="emoji emoji-1f642" role="img" title="slight smile">:slight_smile:</span><br>
"The whole of C is a CVE" is not the worst idea. ^^</p>



<a name="178537393"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting%20UB%20workarounds%20to%20crate%20authors/near/178537393" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting.20UB.20workarounds.20to.20crate.20authors.html#178537393">(Oct 19 2019 at 09:14)</a>:</h4>
<p>In practice it basically is. <br>
I have once reported a heap buffer overflow bug in a library that Firefox uses to decode VP8. It is exposed to untrusted inputs because HTML5 video autoplays, and the bug is relatively easy to exploit. The maintainers refused to file a CVE because "if they'd open a CVE for every such bug they fix, they'd never get any actual work done".</p>



<a name="178537423"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting%20UB%20workarounds%20to%20crate%20authors/near/178537423" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting.20UB.20workarounds.20to.20crate.20authors.html#178537423">(Oct 19 2019 at 09:16)</a>:</h4>
<p>And the horrifying state of Linux kernel is something I try really hard not to think about.</p>



<a name="178537469"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting%20UB%20workarounds%20to%20crate%20authors/near/178537469" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting.20UB.20workarounds.20to.20crate.20authors.html#178537469">(Oct 19 2019 at 09:16)</a>:</h4>
<blockquote>
<p>If there is something specifically blessed by documentation for C function and it causes a memory error, then it's a reason to open a CVE.</p>
</blockquote>
<p>That's a good argument, thanks.</p>



<a name="178537473"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting%20UB%20workarounds%20to%20crate%20authors/near/178537473" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting.20UB.20workarounds.20to.20crate.20authors.html#178537473">(Oct 19 2019 at 09:16)</a>:</h4>
<blockquote>
<p>"if they'd open a CVE for every such bug they fix, they'd never get any actual work done"</p>
</blockquote>
<p><span aria-label="scream" class="emoji emoji-1f631" role="img" title="scream">:scream:</span></p>



<a name="178537556"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting%20UB%20workarounds%20to%20crate%20authors/near/178537556" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting.20UB.20workarounds.20to.20crate.20authors.html#178537556">(Oct 19 2019 at 09:19)</a>:</h4>
<p>Yeah, that was my reaction as well. This is when I gave up looking for bugs in commonly used C code and internalized that <em>everything</em> is broken.</p>



<a name="178537628"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting%20UB%20workarounds%20to%20crate%20authors/near/178537628" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting.20UB.20workarounds.20to.20crate.20authors.html#178537628">(Oct 19 2019 at 09:21)</a>:</h4>
<p>I wonder what that means for all these studies that use CVEs as a measure to count security-critical bugs... better not to think about it^^</p>



<a name="178537673"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting%20UB%20workarounds%20to%20crate%20authors/near/178537673" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting.20UB.20workarounds.20to.20crate.20authors.html#178537673">(Oct 19 2019 at 09:22)</a>:</h4>
<p>just that it makes Rust look relatively worse if we are more honest about reporting them :/</p>



<a name="178537677"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting%20UB%20workarounds%20to%20crate%20authors/near/178537677" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting.20UB.20workarounds.20to.20crate.20authors.html#178537677">(Oct 19 2019 at 09:22)</a>:</h4>
<p>Oh yeah, and this stance about CVEs is also fairly common among Linux kernel developers. I could probably find a dozen security bugs in the kernel right now that were fixed but not properly disclosed and as a result are not shipped by my distro.</p>



<a name="178537731"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting%20UB%20workarounds%20to%20crate%20authors/near/178537731" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting.20UB.20workarounds.20to.20crate.20authors.html#178537731">(Oct 19 2019 at 09:24)</a>:</h4>
<p>Aaaactually, security bugs in stdlib in Rust are also routinely fixed without opening a CVE. For like 2 out of 3 such bugs the CVE was filed retroactively by me, that's the only reason it exists.</p>



<a name="178537748"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting%20UB%20workarounds%20to%20crate%20authors/near/178537748" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting.20UB.20workarounds.20to.20crate.20authors.html#178537748">(Oct 19 2019 at 09:25)</a>:</h4>
<p>fair^^</p>



<a name="178537801"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting%20UB%20workarounds%20to%20crate%20authors/near/178537801" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting.20UB.20workarounds.20to.20crate.20authors.html#178537801">(Oct 19 2019 at 09:27)</a>:</h4>
<p>But yeah, CVEs are wildly under-reported. And Rust still has less CVEs per year than, say, Python!</p>



<a name="178537917"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting%20UB%20workarounds%20to%20crate%20authors/near/178537917" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting.20UB.20workarounds.20to.20crate.20authors.html#178537917">(Oct 19 2019 at 09:30)</a>:</h4>
<p>well Python is also much much much more widely used^^</p>



<a name="178549219"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting%20UB%20workarounds%20to%20crate%20authors/near/178549219" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> HeroicKatora <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting.20UB.20workarounds.20to.20crate.20authors.html#178549219">(Oct 19 2019 at 14:43)</a>:</h4>
<p>Using CVEs for counting bugs is broken anyways. For the Linux Kernel there are plenty of stories of CVEs being filed to pad resumes, the average resolution time (days from filing to resolution) is -1000 days. Yes, negative. And then there is also CVE being used to circumvent bad corporate policies such as allowing backports in longterm branches strictly only in case of security fixes.</p>



<a name="178552540"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting%20UB%20workarounds%20to%20crate%20authors/near/178552540" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Lokathor <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting.20UB.20workarounds.20to.20crate.20authors.html#178552540">(Oct 19 2019 at 16:13)</a>:</h4>
<p>"There is no point to Rust, because it solves a problem that isn't there. I never have memory problems to begin with!"</p>



<a name="178597858"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting%20UB%20workarounds%20to%20crate%20authors/near/178597858" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting.20UB.20workarounds.20to.20crate.20authors.html#178597858">(Oct 20 2019 at 15:44)</a>:</h4>
<p><span class="user-mention" data-user-id="127617">@Shnatsel</span> is the term "CVE" in the context of Rust defined somewhere ?</p>



<a name="178597862"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting%20UB%20workarounds%20to%20crate%20authors/near/178597862" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting.20UB.20workarounds.20to.20crate.20authors.html#178597862">(Oct 20 2019 at 15:44)</a>:</h4>
<p>For Rust a "Rust-CVE" might be due to a safe API that's unsound</p>



<a name="178597873"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting%20UB%20workarounds%20to%20crate%20authors/near/178597873" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting.20UB.20workarounds.20to.20crate.20authors.html#178597873">(Oct 20 2019 at 15:45)</a>:</h4>
<p>That does not mean that there is an exploit in the wild (like CVEs document), but that there _might_ be one, which is a much higher bar.</p>



<a name="178597879"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting%20UB%20workarounds%20to%20crate%20authors/near/178597879" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting.20UB.20workarounds.20to.20crate.20authors.html#178597879">(Oct 20 2019 at 15:45)</a>:</h4>
<p>For C this bar doesn't make sense because then you need to use these CVEs for all code, but for Rust safe abstraction such a bar does make sense IMO</p>



<a name="178599607"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting%20UB%20workarounds%20to%20crate%20authors/near/178599607" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting.20UB.20workarounds.20to.20crate.20authors.html#178599607">(Oct 20 2019 at 16:33)</a>:</h4>
<p>Well, there is <a href="https://github.com/RustSec/advisory-db" target="_blank" title="https://github.com/RustSec/advisory-db">https://github.com/RustSec/advisory-db</a> maintained by Rust Secure Code WG, and <code>cargo audit</code> checking dependencies against it. The bar for an advisory is "it's possible to write safe code that leads to memory safety violation in practice".</p>



<a name="178599690"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting%20UB%20workarounds%20to%20crate%20authors/near/178599690" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting.20UB.20workarounds.20to.20crate.20authors.html#178599690">(Oct 20 2019 at 16:34)</a>:</h4>
<p><a href="https://rustsec.org/advisories/RUSTSEC-2019-0010.html" target="_blank" title="https://rustsec.org/advisories/RUSTSEC-2019-0010.html">https://rustsec.org/advisories/RUSTSEC-2019-0010.html</a> - this is hard to exploit in practice and requires a very specific code to use the API, but it's not impossible, so it's an advisory.</p>



<a name="178674188"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting%20UB%20workarounds%20to%20crate%20authors/near/178674188" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting.20UB.20workarounds.20to.20crate.20authors.html#178674188">(Oct 21 2019 at 16:49)</a>:</h4>
<blockquote>
<p><span class="user-mention silent" data-user-id="127617">Shnatsel</span> is the term "CVE" in the context of Rust defined somewhere ?</p>
</blockquote>
<p>uh... CVE is not ours to define, it's literally a thing that exists in the real world.^^</p>



<a name="178674220"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting%20UB%20workarounds%20to%20crate%20authors/near/178674220" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting.20UB.20workarounds.20to.20crate.20authors.html#178674220">(Oct 21 2019 at 16:50)</a>:</h4>
<p>or do you mean if Rust has common standards for what is considered CVE-worthy? I doubt it.</p>



<a name="178674318"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting%20UB%20workarounds%20to%20crate%20authors/near/178674318" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting.20UB.20workarounds.20to.20crate.20authors.html#178674318">(Oct 21 2019 at 16:51)</a>:</h4>
<p><span class="user-mention" data-user-id="127617">@Shnatsel</span> </p>
<blockquote>
<p>Well, there is <a href="https://github.com/RustSec/advisory-db" target="_blank" title="https://github.com/RustSec/advisory-db">https://github.com/RustSec/advisory-db</a> maintained by Rust Secure Code WG, and <code>cargo audit</code> checking dependencies against it. The bar for an advisory is "it's possible to write safe code that leads to memory safety violation in practice".</p>
</blockquote>
<p>what does "in practice" mean here? is it sufficient to argue that e.g. LLVM has done similar optimizations in comparable cases in the past so the optimizations this UB enables could realistically occur -- or does one need to produce a SIGSEGV/SIGILL/...?</p>



<a name="178674930"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting%20UB%20workarounds%20to%20crate%20authors/near/178674930" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting.20UB.20workarounds.20to.20crate.20authors.html#178674930">(Oct 21 2019 at 16:59)</a>:</h4>
<p>I'd say "could realistically occur" is good enough, but we're still figuring that stuff out.<br>
<code>cargo-audit</code> now has a mechanism for issuing warnings instead of hard failures, so if something e.g. uses a feature that's technically UB and happens to work now but we expect it to be broken in the future, then we can file that instead of a straight-up security advisory.</p>



<a name="178674962"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting%20UB%20workarounds%20to%20crate%20authors/near/178674962" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting.20UB.20workarounds.20to.20crate.20authors.html#178674962">(Oct 21 2019 at 16:59)</a>:</h4>
<p>hm... I know of some such cases but the issue is they are not actionable</p>



<a name="178675028"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting%20UB%20workarounds%20to%20crate%20authors/near/178675028" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting.20UB.20workarounds.20to.20crate.20authors.html#178675028">(Oct 21 2019 at 17:00)</a>:</h4>
<p>either no UB-free alternative exists or the maintainer doesn't want to use it because of a 30% hit in microbenchmarks.</p>



<a name="178675066"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting%20UB%20workarounds%20to%20crate%20authors/near/178675066" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting.20UB.20workarounds.20to.20crate.20authors.html#178675066">(Oct 21 2019 at 17:00)</a>:</h4>
<p>the latter could be a basis for a warning</p>



<a name="178675124"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting%20UB%20workarounds%20to%20crate%20authors/near/178675124" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting.20UB.20workarounds.20to.20crate.20authors.html#178675124">(Oct 21 2019 at 17:01)</a>:</h4>
<p>I believe <code>offset_of</code> is one such thing?</p>



<a name="178675253"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting%20UB%20workarounds%20to%20crate%20authors/near/178675253" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting.20UB.20workarounds.20to.20crate.20authors.html#178675253">(Oct 21 2019 at 17:02)</a>:</h4>
<p>Actually both could be a basis for a "warning" advisory. It could be helpful to inform people about this, maybe they could use a different approach instead of <code>offset_of</code></p>



<a name="178676768"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting%20UB%20workarounds%20to%20crate%20authors/near/178676768" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting.20UB.20workarounds.20to.20crate.20authors.html#178676768">(Oct 21 2019 at 17:19)</a>:</h4>
<blockquote>
<p>I believe <code>offset_of</code> is one such thing?</p>
</blockquote>
<p>it is the former, yes</p>



<a name="178676822"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting%20UB%20workarounds%20to%20crate%20authors/near/178676822" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting.20UB.20workarounds.20to.20crate.20authors.html#178676822">(Oct 21 2019 at 17:20)</a>:</h4>
<blockquote>
<p>Actually both could be a basis for a "warning" advisory. It could be helpful to inform people about this, maybe they could use a different approach instead of <code>offset_of</code></p>
</blockquote>
<p>do warnings show transitively?</p>



<a name="178676841"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting%20UB%20workarounds%20to%20crate%20authors/near/178676841" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting.20UB.20workarounds.20to.20crate.20authors.html#178676841">(Oct 21 2019 at 17:20)</a>:</h4>
<p>crossbeam depends on memoffset so really most people cant do anything about it</p>



<a name="178681630"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting%20UB%20workarounds%20to%20crate%20authors/near/178681630" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting.20UB.20workarounds.20to.20crate.20authors.html#178681630">(Oct 21 2019 at 18:07)</a>:</h4>
<blockquote>
<p>uh... CVE is not ours to define, it's literally a thing that exists in the real world.^^</p>
</blockquote>
<p>I know, but Rust CVEs are CVEs that are also often filled in the advisory-db repo</p>



<a name="178681661"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting%20UB%20workarounds%20to%20crate%20authors/near/178681661" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting.20UB.20workarounds.20to.20crate.20authors.html#178681661">(Oct 21 2019 at 18:07)</a>:</h4>
<p>I think it is fine for <code>advisory-db</code> to accept issues that might not be accepted as CVEs</p>



<a name="178681718"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting%20UB%20workarounds%20to%20crate%20authors/near/178681718" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting.20UB.20workarounds.20to.20crate.20authors.html#178681718">(Oct 21 2019 at 18:08)</a>:</h4>
<p>Like "an unsound safe Rust API"</p>



<a name="178681754"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting%20UB%20workarounds%20to%20crate%20authors/near/178681754" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting.20UB.20workarounds.20to.20crate.20authors.html#178681754">(Oct 21 2019 at 18:08)</a>:</h4>
<p>that might not have a known CVE yet</p>



<a name="178691299"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting%20UB%20workarounds%20to%20crate%20authors/near/178691299" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting.20UB.20workarounds.20to.20crate.20authors.html#178691299">(Oct 21 2019 at 19:52)</a>:</h4>
<blockquote>
<p>I think it is fine for <code>advisory-db</code> to accept issues that might not be accepted as CVEs</p>
</blockquote>
<p>I dont think anyone disputes that :)</p>



<a name="179175612"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting%20UB%20workarounds%20to%20crate%20authors/near/179175612" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> DPC <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Suggesting.20UB.20workarounds.20to.20crate.20authors.html#179175612">(Oct 27 2019 at 15:42)</a>:</h4>
<p>We could call them "recommendations" or "guidelines"</p>



<hr><p>Last updated: Aug 07 2021 at 22:04 UTC</p>
</html>